IT Architecture Review. ISACA Conference Fall 2003
|
|
- Sibyl Mosley
- 8 years ago
- Views:
Transcription
1 IT Architecture Review ISACA Conference Fall 2003
2 Table of Contents Introduction Business Drivers Overview of Tiered Architecture IT Architecture Review Why review IT architecture How to conduct IT architecture reviews What to review and assess Performing the Assessment - Examples Relevant Operating Issues Page 2
3 IT Architectural Design: Introduction The advent of the internet has created powerful new business processes as well as emerging risks for IT Risk management. The objective of this track is to ensure that IS auditors can effectively evaluate an organization s architecture and technical infrastructure. The content covers the development, acquisition and implementation of IS architectures and associated operational practices to ensure efficiency and information security. Page 3
4 Business Drivers Potential drivers for the implementation of N Tier Architecture Limitations of the Classic Architecture Low Flexibility Difficult to enhance systems functionality or expand into new products Poor Scalability Scalability is costly and limited by the architecture s design Competitive Factors Barriers to Entry Strategy Ease of competitor s entering the market Globalization Ability to implement regionalized ecommerce sites Page 4
5 Overview of Tiered Architecture Page 5
6 Client-Server Paradigm (1 of 3) Client/server architecture Introduced in the early 80 s clients and servers are separate logical objects that communicate with each other to perform a task together No physical connection between a client and a server Reside on the same machine Reside on two separate machines across a network Applications can be deployed on different hardware and different operating systems, optimizing the type of work each performs Page 6
7 Clients Client-Server Paradigm (2 of 3) Entities that request services of another computer system or process using an established protocol and accept the server s response Client makes a request for a service and receives a reply to that request Servers Entities that provide requested services Server waits, receives, processes requests and then sends back a response Page 7
8 Client-Server Paradigm (3 of 3) Benefits of client/server architectures Code is re-usable When properly designed, the same code may be used in many different instances One may design a system that responds automatically to increase in system load by adding new servers and services without too much difficulty Modular and Extensible Allows for fault tolerant systems One service can be offered on many different machines No single point of failure Page 8
9 Tiered Architecture (1 of 2) Classic two-tier "Fat-Client" model: Tier One: Customer access system and gateway services. Also performs presentation and customer application services Tier Two: Provides business logic and database services PRESENTATION TIER APPLICATION TIER BUSINESS TIER DATA TIER Disadvantages: Poor Scalability Maintenance upgrades have to be deployed to all clients Page 9
10 Tiered Architecture (2 of 2) N Tier Architecture Tier One: Client side: browser/wap/pda. Server side: Markup tags Tier Two: Data Encryption, Port Assignments Tier Three: Business objects and Rules, Data Transformation Tier Four: Data Access Objects, ODBC, JDBC, XML Tier Five: Data Repositories Abstraction Layers are Independent Advantages Reduces maintenance costs and increases functional flexibility in the long run PRESENTATION TIER APPLICATION LOGIC BUSINESS LOGIC DATA ACCESS DATA TIER Page 10
11 IT Architecture Review Page 11
12 IT ARCHITECTURE REVIEWS Why review IT architecture How to conduct IT architecture reviews What to review and assess Performing the assessment Page 12
13 Why Review IT Architecture IT architecture is a key component in supporting business goals and objectives: Foundation for developing large, complex, distributed systems environment; Manage and control complexity in system deployment; Basis for determining software and hardware decisions Defines the overall IT goals, organization and system components needed to support long-term business requirements Identify gaps and areas for concern or improvement Optimize return on IT /IS investment Page 13
14 How to Conduct IT Architecture Reviews Define business goals and objectives Identify existing IT and systems infrastructure environment: the structure and organization of IT /IS in supporting business goals the architectural framework ( layers) for developing and connecting system components Review and Identify gaps between architecture characteristics / attributes and business requirements Page 14
15 What to review and assess Logical - functional requirements of IT architecture Abstraction & encapsulation Information hiding Separation modularization Process abilities of the system that can be measured Flexibility Security Scalability Performance Reliability Availability Maintainability Infrastructure Physical infrastructure and system components Page 15
16 Non-Functional Requirements (1 Of 2) Scalability May be expanded or reduced in size to meet business requirements Bottlenecks can be resolved by adding more hardware/memory/processing power constraints are not imposed by the software ability to easily adjust for the number of concurrent users, data storage requirements, network capacity, and so forth Reliability Systems perform consistently in both normal and adverse conditions within the accepted operational cycle (24x7) and system downtime In the event of hazards, peak traffic loads, or attacks, systems appear to operate smoothly to users while allowing for intuitive, effective management and recovery by the staff Eliminates single points of failure Flexibility The ability to expediently add new products and services to the architecture in response to business needs Essential to providing flexibility is designing code as discrete, re-useable modules in addition to selecting products that support well-known standards Avoiding product customization when integrating the components to the architecture also aids flexibility Page 16
17 Non-Functional Requirements (2 Of 2) Performance Good performance means the interval from the time the user enters a request to the time a response is received encourages use of the system Performance factors include the ability to quickly route HTTP traffic, handle SSL sessions, complete a transaction, and return a third-party service Manageability 1. Operational - All non trivial systems contain the instrumentation to be proactively managed by an administration tool. Responses to messages from nodes (e.g. SNMP traps) are automated and sophisticated. Management traffic is not excessive and a burden to the network 2. Development Approach The design of the architecture facilitates code re-use and efficient debugging. The manner in which services and logic are partitioned within the architecture is intuitive and results in components playing discrete, well-defined roles Page 17
18 Infrastructure Requirements Ability to Duplicate It is possible to replicate the system at another location The architecture is transparent at the conceptual level, and its components are suitable for an international environment (e.g. well-known abroad, available in foreign languages) Acceptable Cost of Operation Considering alternative approaches and comparable business requirements, the total cost of ownership of the resulting environment is within the lower quartile Long-Term Viability The design of the architecture is based on state-of-the-art yet proven concepts and built using best of breed products. Page 18
19 Infrastructure Components Logical view of the architecture helps one understand how the infrastructure fits together at a conceptual level Ultimately products must be selected to support the high-level design These products become the actual "components" or "building blocks" of the architecture that are installed and configured to support operations Page 19
20 Infrastructure Components 1. Clients e.g. web browsers or telephones connecting to the IVR (Interactive Voice Response), using company resources and services 2. Network components Includes firewalls and web traffic dispatchers 3. Web servers Handles HTTP requests and securing communications via SSL 4. Application servers Focuses on presentation and session management services Page 20
21 Infrastructure Components 5. Business logic and transaction servers Manage and execute transactions 6. Database servers Data storage and management 7. Server Operating Systems 8. Development languages and tools Create logic, design GUI interfaces, and customize services 9. Network and systems management tools Monitor and manage system / network events Page 21
22 Performing the Assessment - Example Page 22
23 Example: Performing the Assessment Areas to consider for assessment: Information Resource Planning, Business Continuity Planning, Architecture Development, and Security Assessing IT architecture security Consider the risks and implemented strategies to mitigate potential security hazards. Any general security strategy should be include controls to: prevent; detect; control; and respond to architectural security. Review the organizational Internet security strategy Identify and assess controls contributing to each of the above. Page 23
24 Performing the Assessment What to ask: Has the organization established Internet security policies and procedures as part of its general information protection strategy? What types of authentication technology are in use within the network (i.e. single sign-on, token technology, call & response, certificate authorities)? How are these technologies integrated with the Internet technologies? Is adequate security implemented throughout the network (i.e. from client to web server, from web server to backend system, from web server to database, etc)? Does the organization use encryption technology to protect transmitted data (internal and/or external transmissions)? Page 24
25 Performing the Assessment What to ask: Does the organization have its public Internet servers certified by a certificate authority, such as Verisign to protect against imitation servers on the public network. Does the organization employ any types of virus protection technology to mitigate the risk of introduction of destructive items from the public network? What types of security tools/utilities are in use? Where are Internet servers deployed, inside or outside the firewall? How are security breaches detected and communicated? What procedures are followed to neutralize security threats once they are detected? Do audit procedures exist to periodically review the security status of the network and Internet systems and identify instances of potential threatening activity? Are audit logs being recorded (audit tools and/or the operating system) and reviewed regularly? Page 25
26 Performing the Assessment What to do: With the assistance of technical personnel, audit staff, and IT audit management, identify significant risk issues associated with Internet control, security, and audit. Review existing security policies and procedures and confirm adequacy given organizational standards. Review security configurations of operating systems, Internet applications, and other utilities/tools (if applicable). Confirm that settings meet organizational standards. Consider the use of computer assisted audit tools to interrogate status of significant hardware components and report potential security risks. Page 26
27 Performing the Assessment What to do: Test and confirm that security controls are implemented over each significant entity within the network (i.e. firewall, web server, applications, database, etc). Test and confirm the functionality of encryption utilities. Test and confirm the functionality of implemented virus protection tools by reviewing tool configurations and reviewing incident logs. Test and confirm the adequacy of audit log settings. Test and confirm the adequacy of incident response procedures. Page 27
28 Relevant Issues Page 28
29 Information Security Relevant Issues Software Development Lifecycle Page 29
30 Information Security (1 of 3) Issue: Privacy of Customer Data Personally Identifiable Information vs. Non-personal Information Relevant Concerns Loss of Customer Trust Loss of Brand Value SB1386 requires that a company disclose in specified ways, any breach of the security of the data, as defined, to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person Page 30
31 Examples Include: JetBlue Airways Information Security (2 of 3) Violated its own privacy policy Provided 5 million passenger itineraries to a Defense Department contractor that used the information as part of a study seeking ways to identify "high risk" airline customers FTC Study 1 in 7 Americans are victims of Identity Theft Page 31
32 Information Security (3 of 3) Examples of Control Weaknesses Use of live customer data in a Test environment Inappropriate User Access to Customer data Data Encryption does not exists at all levels Page 32
33 Systems Development Life Cycle (1 of 2) Issue: Segregation of Environments, Coding Standards Relevant Concerns Inappropriate access Application Instability Maintenance Issues Page 33
34 Systems Development Life Cycle (2 of 2) Examples of Control Weaknesses Developer with access to both test and production environments Poor abstraction between presentation, logic and data e.g. HTML tags or business logic in the data layer Page 34
35 Q & A Questions Page 35
Certified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the
More informationNetwork Security Administrator
Network Security Administrator Course ID ECC600 Course Description This course looks at the network security in defensive view. The ENSA program is designed to provide fundamental skills needed to analyze
More informationInjazat s Managed Services Portfolio
Injazat s Managed Services Portfolio Overview Premium Managed Services to Transform Your IT Environment Injazat s Premier Tier IV Data Center is built to offer the highest level of security and reliability.
More informationICS 434 Advanced Database Systems
ICS 434 Advanced Database Systems Dr. Abdallah Al-Sukairi sukairi@kfupm.edu.sa Second Semester 2003-2004 (032) King Fahd University of Petroleum & Minerals Information & Computer Science Department Outline
More informationThe Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency
logo The Panoptix Building Efficiency Solution: Ensuring a Secure Delivery of Building Efficiency Understanding the Multiple Levels of Security Built Into the Panoptix Solution Published: October 2011
More informationState of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD005.001. Effective Date: April 7, 2005
State of New Mexico Statewide Architectural Configuration Requirements Title: Network Security Standard S-STD005.001 Effective Date: April 7, 2005 1. Authority The Department of Information Technology
More informationChapter 2 TOPOLOGY SELECTION. SYS-ED/ Computer Education Techniques, Inc.
Chapter 2 TOPOLOGY SELECTION SYS-ED/ Computer Education Techniques, Inc. Objectives You will learn: Topology selection criteria. Perform a comparison of topology selection criteria. WebSphere component
More informationAutodesk PLM 360 Security Whitepaper
Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure
More informationIT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results
Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.
More informationXerox SMart esolutions. Security White Paper
Xerox SMart esolutions Security White Paper 1 Xerox SMart esolutions White Paper Network and data security is one of the many challenges that businesses face on a daily basis. Recognizing this, Xerox Corporation
More informationSolutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance
White Paper Solutions for Health Insurance Portability and Accountability Act (HIPAA) Compliance Troy Herrera Sr. Field Solutions Manager Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA
More informationRajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np
Rajan R. Pant Controller Office of Controller of Certification Ministry of Science & Technology rajan@cca.gov.np Meaning Why is Security Audit Important Framework Audit Process Auditing Application Security
More informationINFORMATION SECURITY Humboldt State University
CSU The California State University Office of Audit and Advisory Services INFORMATION SECURITY Humboldt State University Audit Report 14-50 October 30, 2014 EXECUTIVE SUMMARY OBJECTIVE The objectives of
More informationEmpLive Technical Overview
Version 1.6 Updated 27/08/2015 Support: +61 2 8399 1688 Email: support@wfsaustralia.com Website: wfsaustralia.com Legal Notice Copyright WFS: A WorkForce Software Company. All Rights Reserved. By receiving
More informationConcepts of Database Management Seventh Edition. Chapter 9 Database Management Approaches
Concepts of Database Management Seventh Edition Chapter 9 Database Management Approaches Objectives Describe distributed database management systems (DDBMSs) Discuss client/server systems Examine the ways
More informationAn Overview of the SaskTel Hosted Contact Centre Solution Design and Delivery Principles, and Core Architecture
23082011 An Overview of the SaskTel Hosted Contact Centre Solution Design and Delivery Principles, and Core Architecture TABLE OF CONTENTS The SaskTel Hosted Contact Centre Solution... 3 Benefits of the
More information4D as a Web Application Platform
4D as a Web Application Platform 4D is a powerful, flexible, and very scalable Web application platform. This white paper examines the common requirements for Web application servers, and discusses the
More informationIndustrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1
Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3
More informationArchitecture Guidelines Application Security
Executive Summary These guidelines describe best practice for application security for 2 or 3 tier web-based applications. It covers the use of common security mechanisms including Authentication, Authorisation
More informationS y s t e m A r c h i t e c t u r e
S y s t e m A r c h i t e c t u r e V e r s i o n 5. 0 Page 1 Enterprise etime automates and streamlines the management, collection, and distribution of employee hours, and eliminates the use of manual
More informationREGULATIONS FOR THE SECURITY OF INTERNET BANKING
REGULATIONS FOR THE SECURITY OF INTERNET BANKING PAYMENT SYSTEMS DEPARTMENT STATE BANK OF PAKISTAN Table of Contents PREFACE... 3 DEFINITIONS... 4 1. SCOPE OF THE REGULATIONS... 6 2. INTERNET BANKING SECURITY
More informationEnterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH. White Paper February 2010 www.alvandsolutions.
Enterprise Key Management: A Strategic Approach ENTERPRISE KEY MANAGEMENT A SRATEGIC APPROACH White Paper February 2010 www.alvandsolutions.com Overview Today s increasing security threats and regulatory
More informationInformation security controls. Briefing for clients on Experian information security controls
Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face
More informationSpecific observations and recommendations that were discussed with campus management are presented in detail below.
CSU The California State University Office of Audit and Advisory Services INFORMATION SECURITY California State University, San Bernardino Audit Report 14-55 March 18, 2015 EXECUTIVE SUMMARY OBJECTIVE
More informationCisco Advanced Services for Network Security
Data Sheet Cisco Advanced Services for Network Security IP Communications networking the convergence of data, voice, and video onto a single network offers opportunities for reducing communication costs
More informationInformation Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified
Standard: Data Security Standard (DSS) Requirement: 6.6 Date: February 2008 Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified Release date: 2008-04-15 General PCI
More informationCHAPTER 2 MODELLING FOR DISTRIBUTED NETWORK SYSTEMS: THE CLIENT- SERVER MODEL
CHAPTER 2 MODELLING FOR DISTRIBUTED NETWORK SYSTEMS: THE CLIENT- SERVER MODEL This chapter is to introduce the client-server model and its role in the development of distributed network systems. The chapter
More informationCentral Agency for Information Technology
Central Agency for Information Technology Kuwait National IT Governance Framework Information Security Agenda 1 Manage security policy 2 Information security management system procedure Agenda 3 Manage
More information1 Product. Open Text is the leading fax server vendor in the world. *
1 Product Open Text Fax s Replace fax machines and inefficient paper processes with efficient and secure computer-based faxing and electronic document delivery Open Text is the leading fax server vendor
More informationHow To Protect A Web Application From Attack From A Trusted Environment
Standard: Version: Date: Requirement: Author: PCI Data Security Standard (PCI DSS) 1.2 October 2008 6.6 PCI Security Standards Council Information Supplement: Application Reviews and Web Application Firewalls
More informationFundamentals of a Windows Server Infrastructure MOC 10967
Fundamentals of a Windows Server Infrastructure MOC 10967 Course Outline Module 1: Installing and Configuring Windows Server 2012 This module explains how the Windows Server 2012 editions, installation
More informationINFORMATION SECURITY California Maritime Academy
CSU The California State University Office of Audit and Advisory Services INFORMATION SECURITY California Maritime Academy Audit Report 14-54 April 8, 2015 Senior Director: Mike Caldera IT Audit Manager:
More informationKenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data
Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you
More informationTechniques for Scaling Components of Web Application
, March 12-14, 2014, Hong Kong Techniques for Scaling Components of Web Application Ademola Adenubi, Olanrewaju Lewis, Bolanle Abimbola Abstract Every organisation is exploring the enormous benefits of
More informationOracle Net Services for Oracle10g. An Oracle White Paper May 2005
Oracle Net Services for Oracle10g An Oracle White Paper May 2005 Oracle Net Services INTRODUCTION Oracle Database 10g is the first database designed for enterprise grid computing, the most flexible and
More informationPermeo Technologies WHITE PAPER. HIPAA Compliancy and Secure Remote Access: Challenges and Solutions
Permeo Technologies WHITE PAPER HIPAA Compliancy and Secure Remote Access: Challenges and Solutions 1 Introduction The Healthcare Insurance Portability and Accountability Act (HIPAA) of 1996 has had an
More informationPerformance Prediction, Sizing and Capacity Planning for Distributed E-Commerce Applications
Performance Prediction, Sizing and Capacity Planning for Distributed E-Commerce Applications by Samuel D. Kounev (skounev@ito.tu-darmstadt.de) Information Technology Transfer Office Abstract Modern e-commerce
More informationISO 27001 COMPLIANCE WITH OBSERVEIT
ISO 27001 COMPLIANCE WITH OBSERVEIT OVERVIEW ISO/IEC 27001 is a framework of policies and procedures that include all legal, physical and technical controls involved in an organization s information risk
More informationCisco IOS Voice XML Browser
Cisco IOS Voice XML Browser Cisco Unified Communications is a comprehensive IP communications system of voice, video, data, and mobility products and applications. It enables more effective, more secure,
More informationCourse Outline. ttttttt
10967 - Fundamentals of a Windows Server Infrastructure General Description Learn the fundamental knowledge and skills that you need to build a Windows Server infrastructure with Windows Server 2012. This
More informationEvaluate the Usability of Security Audits in Electronic Commerce
Evaluate the Usability of Security Audits in Electronic Commerce K.A.D.C.P Kahandawaarachchi, M.C Adipola, D.Y.S Mahagederawatte and P Hewamallikage 3 rd Year Information Systems Undergraduates Sri Lanka
More informationCBIO Security White Paper
One Canon Plaza Lake Success, NY 11042 www.ciis.canon.com CBIO Security White Paper Introduction to Canon Business Imaging Online Canon Business Imaging Online ( CBIO ) is a cloud platform for Canon s
More informationSOA REFERENCE ARCHITECTURE: WEB TIER
SOA REFERENCE ARCHITECTURE: WEB TIER SOA Blueprint A structured blog by Yogish Pai Web Application Tier The primary requirement for this tier is that all the business systems and solutions be accessible
More informationPROTECTING YOUR VOICE SYSTEM IN THE CLOUD
PROTECTING YOUR VOICE SYSTEM IN THE CLOUD Every enterprise deserves to know what its vendors are doing to protect the data and systems entrusted to them. Leading IVR vendors in the cloud, like Angel, consider
More informationEnterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006
Enterprise Cybersecurity Best Practices Part Number MAN-00363 Revision 006 April 2013 Hologic and the Hologic Logo are trademarks or registered trademarks of Hologic, Inc. Microsoft, Active Directory,
More informationFundamentals of a Windows Server Infrastructure Course 10967A; 5 Days, Instructor-led
Lincoln Land Community College Capital City Training Center 130 West Mason Springfield, IL 62702 217-782-7436 www.llcc.edu/cctc Fundamentals of a Windows Server Infrastructure Course 10967A; 5 Days, Instructor-led
More informationSecurity & Infra-Structure Overview
Security & Infra-Structure Overview Contents KantanMT Platform Security... 2 Customer Data Protection... 2 Application Security... 2 Physical and Environmental Security... 3 ecommerce Transactions... 4
More informationMIT s Information Security Program for Protecting Personal Information Requiring Notification. (Revision date: 2/26/10)
MIT s Information Security Program for Protecting Personal Information Requiring Notification (Revision date: 2/26/10) Table of Contents 1. Program Summary... 3 2. Definitions... 4 2.1 Identity Theft...
More informationINFORMATION TECHNOLOGY SECURITY STANDARDS
INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL
More informationensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster
Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)
More informationHP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide
HP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide Product overview... 3 Vulnerability scanning components... 3 Vulnerability fix and patch components... 3 Checklist... 4 Pre-installation
More informationISO 27001 Controls and Objectives
ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements
More informationCisco Security Optimization Service
Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless
More informationSyslog Analyzer ABOUT US. Member of the TeleManagement Forum. info@ossera.com +1-916-290-9300 http://www.ossera.com
Syslog Analyzer ABOUT US OSSera, Inc. is a global provider of Operational Support System (OSS) solutions for IT organizations, service planning, service operations, and network operations. OSSera's multithreaded
More informationCisco and VMware Virtualization Planning and Design Service
Cisco and VMware Virtualization Planning and Design Service Create an End-to-End Virtualization Strategy with Combined Services from Cisco and VMware Service Overview A Collaborative Approach to Virtualization
More informationSupplier Security Assessment Questionnaire
HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.
More informationTABLE OF CONTENT. Page 2 of 9 INTERNET FIREWALL POLICY
IT FIREWALL POLICY TABLE OF CONTENT 1. INTRODUCTION... 3 2. TERMS AND DEFINITION... 3 3. PURPOSE... 5 4. SCOPE... 5 5. POLICY STATEMENT... 5 6. REQUIREMENTS... 5 7. OPERATIONS... 6 8. CONFIGURATION...
More informationManaged Security Services for Data
A v a y a G l o b a l S e r v i c e s Managed Security Services for Data P r o a c t i v e l y M a n a g i n g Y o u r N e t w o r k S e c u r i t y 2 4 x 7 x 3 6 5 IP Telephony Contact Centers Unified
More informationTASK -040. TDSP Web Portal Project Cyber Security Standards Best Practices
Page 1 of 10 TSK- 040 Determine what PCI, NERC CIP cyber security standards are, which are applicable, and what requirements are around them. Find out what TRE thinks about the NERC CIP cyber security
More informationSecurity Controls What Works. Southside Virginia Community College: Security Awareness
Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationIT Networking and Security
elearning Course Outlines IT Networking and Security powered by Calibrate elearning Course Outline CompTIA A+ 801: Fundamentals of Computer Hardware/Software www.medallionlearning.com Fundamentals of Computer
More informationVirtual Private Networks (VPN) Connectivity and Management Policy
Connectivity and Management Policy VPN Policy for Connectivity into the State of Idaho s Wide Area Network (WAN) 02 September 2005, v1.9 (Previous revision: 14 December, v1.8) Applicability: All VPN connections
More informationRemote Services. Managing Open Systems with Remote Services
Remote Services Managing Open Systems with Remote Services Reduce costs and mitigate risk with secure remote services As control systems move from proprietary technology to open systems, there is greater
More informationDelphi Information 3 rd Party Security Requirements Summary. Classified: Public 5/17/2012. Page 1 of 11
Delphi Information 3 rd Party Security Requirements Summary Classified: Public 5/17/2012 Page 1 of 11 Contents Introduction... 3 Summary for All Users... 4 Vendor Assessment Considerations... 7 Page 2
More informationSecurity Issues in Cloud Computing
Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources
More informationAN IN-DEPTH VIEW. Cleo Cleo Harmony - An In-Depth View
AN IN-DEPTH VIEW 1 OVERVIEW ABOUT THIS PAPER Many companies today have a number of B2B and A2A integration processes that they must maintain. IT departments are supporting complex and inefficient infrastructures
More informationReducing Application Cost and Risk through Centralized SOA Security
Reducing Application Cost and Risk through Centralized SOA Security by Mamoon Yunus, CEO of Crosscheck Networks Abstract: This article compares centralized and decentralized application security models.
More information3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014. Straightforward Security and Compliance
3rd Party Assurance & Information Governance 2014-2016 outlook IIA Ireland Annual Conference 2014 Continuous Education Services (elearning/workshops) Compliance Management Portals Information Security
More informationTenzing Security Services and Best Practices
Tenzing Security Services and Best Practices OVERVIEW Security is about managing risks and threats to your environment. The most basic security protection is achieved by pro-actively monitoring and intercepting
More informationApplication Security in the Software Development Lifecycle
Application Security in the Software Development Lifecycle Issues, Challenges and Solutions www.quotium.com 1/15 Table of Contents EXECUTIVE SUMMARY... 3 INTRODUCTION... 4 IMPACT OF SECURITY BREACHES TO
More informationEnterprise Security Architecture
Enterprise Architecture -driven security April 2012 Agenda Facilities and safety information Introduction Overview of the problem Introducing security architecture The SABSA approach A worked example architecture
More informationGuideline on Auditing and Log Management
CMSGu2012-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Auditing and Log Management National Computer Board Mauritius
More informationCisco IOS Voice XML Browser
Cisco IOS Voice XML Browser Cisco Unified Communications is a comprehensive IP communications system of voice, video, data, and mobility products and applications. It enables more effective, more secure,
More informationTOP SECRETS OF CLOUD SECURITY
TOP SECRETS OF CLOUD SECURITY Protect Your Organization s Valuable Content Table of Contents Does the Cloud Pose Special Security Challenges?...2 Client Authentication...3 User Security Management...3
More informationEvolution from the Traditional Data Center to Exalogic: An Operational Perspective
An Oracle White Paper July, 2012 Evolution from the Traditional Data Center to Exalogic: 1 Disclaimer The following is intended to outline our general product capabilities. It is intended for information
More informationAvaya TM G700 Media Gateway Security. White Paper
Avaya TM G700 Media Gateway Security White Paper March 2002 G700 Media Gateway Security Summary With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional
More informationAvaya G700 Media Gateway Security - Issue 1.0
Avaya G700 Media Gateway Security - Issue 1.0 Avaya G700 Media Gateway Security With the Avaya G700 Media Gateway controlled by the Avaya S8300 or S8700 Media Servers, many of the traditional Enterprise
More informationINFORMATION TECHNOLOGY ENGINEER V
1464 INFORMATION TECHNOLOGY ENGINEER V NATURE AND VARIETY OF WORK This is senior level lead administrative, professional and technical engineering work creating, implementing, and maintaining the County
More informationIBM Connections Cloud Security
IBM Connections White Paper September 2014 IBM Connections Cloud Security 2 IBM Connections Cloud Security Contents 3 Introduction 4 Security-rich Infrastructure 6 Policy Enforcement Points Provide Application
More informationAn Overview of Information Security Frameworks. Presented to TIF September 25, 2013
An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information
More informationKeyfort Cloud Services (KCS)
Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency
More informationSTRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction
Policy: Title: Status: 1. Introduction ISP-S12 Network Management Policy Revised Information Security Policy Documentation STRATEGIC POLICY 1.1. This information security policy document covers management,
More informationCisco Application Networking for IBM WebSphere
Cisco Application Networking for IBM WebSphere Faster Downloads and Site Navigation, Less Bandwidth and Server Processing, and Greater Availability for Global Deployments What You Will Learn To address
More informationPolicy Management: The Avenda Approach To An Essential Network Service
End-to-End Trust and Identity Platform White Paper Policy Management: The Avenda Approach To An Essential Network Service http://www.avendasys.com email: info@avendasys.com email: sales@avendasys.com Avenda
More informationCA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam
CA Single Sign-On r12.x (CA SiteMinder) Implementation Proven Professional Exam (CAT-140) Version 1.4 - PROPRIETARY AND CONFIDENTIAL INFORMATION - These educational materials (hereinafter referred to as
More informationNETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS
NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS Scope and Applicability: These Network and Certificate System Security Requirements (Requirements) apply to all publicly trusted Certification Authorities
More informationהמרכז ללימודי חוץ המכללה האקדמית ספיר. ד.נ חוף אשקלון 79165 טל'- 08-6801535 פקס- 08-6801543 בשיתוף עם מכללת הנגב ע"ש ספיר
מודולות הלימוד של מייקרוסופט הקורס מחולק ל 4 מודולות כמפורט:.1Configuring Microsoft Windows Vista Client 70-620 Installing and upgrading Windows Vista Identify hardware requirements. Perform a clean installation.
More informationCisco AON Secure File Transfer Extension Module
Cisco AON Secure File Transfer Extension Module Product Overview Cisco Application-Oriented Networking (AON) products look simple a small hardware blade on a Catalyst switch, or a router, or a standalone
More informationSplunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF
Splunk Enterprise Log Management Role Supporting the ISO 27002 Framework EXECUTIVE BRIEF Businesses around the world have adopted the information security standard ISO 27002 as part of their overall risk
More informationELECTRONIC COMMERCE SYSTEMS
CHAPTER ELECTRONIC COMMERCE SYSTEMS This chapter discusses one of the most visible segments of the business world today e-commerce. In general terms, the issues involve the electronic processing and transmission
More informationService-Oriented Architecture and Software Engineering
-Oriented Architecture and Software Engineering T-86.5165 Seminar on Enterprise Information Systems (2008) 1.4.2008 Characteristics of SOA The software resources in a SOA are represented as services based
More informationInstallation and Configuration in Microsoft Dynamics NAV 5.0
Installation and Configuration in Microsoft Dynamics NAV 5.0 8870: Installation and Configuration in Microsoft Dynamics NAV 5.0 (2 Days) About this Course Elements of this syllabus are subject to change.this
More informationFAQs for Oracle iplanet Proxy Server 4.0
FAQs for Oracle iplanet Proxy Server 4.0 Get answers to the questions most frequently asked about Oracle iplanet Proxy Server Q: What is Oracle iplanet Proxy Server (Java System Web Proxy Server)? A: Oracle
More informationAlice. Software as a Service(SaaS) Delivery Platform. innovation is simplicity
Ekartha, Inc. 63 Cutter Mill Road Great Neck, N.Y. 11021 Tel.: (516) 773-3533 Ekartha India Pvt. Ltd. 814/B Law College Road Demech House, 4th Floor Erandwane, Pune, India Email: info@ekartha.com Web:
More informationAchieving PCI Compliance Using F5 Products
Achieving PCI Compliance Using F5 Products Overview In April 2000, Visa launched its Cardholder Information Security Program (CISP) -- a set of mandates designed to protect its cardholders from identity
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationBUDGET LETTER 05-03 PEER-TO-PEER FILE SHARING 4841.1, 4841.2, EXECUTIVE ORDER S-16-04
BUDGET LETTER SUBJECT: PEER-TO-PEER FILE SHARING REFERENCES: STATE ADMINISTRATIVE MANUAL SECTIONS 4819.2, 4840.4, 4841.1, 4841.2, EXECUTIVE ORDER S-16-04 NUMBER: 05-03 DATE ISSUED: March 7, 2005 SUPERSEDES:
More information